On Sunday, 17 June 2007, Moritz Muehlenhoff wrote:
Package: moodle
Severity: serious
Your package includes a copy of PHPMailer, which also is packaged as
libphp-phpmailer in the archive. You need to fix your package
to use the system-wide library. Otherwise it requires too much overhead
whenever a vulnerability in PHPMailer is found. (like right now
CVE-2007-3215)
Moodle's integration of phpmailer requires some modifications to phpmailer, so
I can't just use Debian's phpmailer.
The current vulnerability doesn't even affect Moodle. I could have said it
before so I know that since last Wednesday. Sorry for that.
Best regards
--
Isaac Clerencia at Warp Networks, http://www.warp.es
Blog: http://people.warp.es/~isaac/blog/
Work: [EMAIL PROTECTED] | Debian: [EMAIL PROTECTED]
signature.asc
Description: This is a digitally signed message part.